DOCSLIB.ORG

Block Ciphers for the Iot – SIMON, SPECK, KATAN, LED, TEA, PRESENT, and SEA Compared

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Block Ciphers for the Iot – SIMON, SPECK, KATAN, LED, TEA, PRESENT, and SEA Compared Block ciphers for the IoT { SIMON, SPECK, KATAN, LED, TEA, PRESENT, and SEA compared Michael Appel1, Andreas Bossert1, Steven Cooper1, Tobias Kußmaul1, Johannes L¨offler1, Christof Pauer1, and Alexander Wiesmaier1;2;3 1 TU Darmstadt 2 AGT International 3 Hochschule Darmstadt Abstract. In this paper we present 7 block cipher algorithms Simon, Speck, KATAN, LED, TEA, Present and Sea. Each of them gets a short introduction of their functions and it will be examined with regards to their security. We also compare these 7 block ciphers with each other and with the state of the art algorithm the Advanced Encryption Standard (AES) to see how efficient and fast they are to be able to conclude what algorithm is the best for which specific application. Keywords: Internet of things (IoT); lightweight block ciphers; SIMON; SPECK; KATAN; LED; TEA; PRESENT; SEA 1 Introduction In modern IT The Internet of Things(IoT) is one of the most recent topics. Through the technical progress the internet has increasingly moving into our daily lives. More and more devices get functions to go online interconnect with each other and send and receive data. The increasingly smaller and cheaper expectant electronic control and communication components were installed in particular in recent years, increasingly in things of daily life. Typical fields of application are for example home automation, Security technology in the private or business environment as well as the supporting usage in the industry [1]. Be- cause of the very high price sensitivity in this environment the focus is set on the efficiency of the used programs and algorithms. Requires an optimized algorithm for example just the half on computing time and memory, it is accordingly pos- sible to use cheaper hardware. Extrapolated to the produced number of units a considerable amount can be saved or the IoT technology can be built in accord- ingly cheaper things. Due to the growing integration of technology in the daily life and inevitably into the highly personal sphere, the claim of confidentiality and security on the collected data and the networked devices is increasing. It is very important to be sure that these connections are secure but also efficient. The state of the art block cipher AES cannot be used for these low-end devices such as RFID tags or sensor networks because they are often very small, have less computing power or have to be very power saving. So we have very con- strained environments. Against this background particularly efficient algorithms have been developed, which are partly specially adapted to the used hardware. Our 7 block ciphers had been developed to fulfil these constraints. KATAN, LED, SIMON and PRESENT have been optimized for performance on hard- ware devices and SPECK, SEA and TEA for performance in software. At the comparison section we will see how good they fulfil these goals. We organize this paper as follows: In Section 2 we have a short overview of fur- ther related works which also concerned about our 7 algorithms. In section 3 some attack procedures on block ciphers are explained. Section 4, 5, 6, 7, 8, 9 presents SIMON, SPECK, KATAN, LED, TEA, PRESENT and SEA. How they work, the different variants and possible attacks against them. In Section 10 the block ciphers are compared with each other under performance and efficiency points as well as with AES aspects. Section 11 gives a short conclusion. 2 Related Work There is a growing number of low-cost cryptography and a number of papers dealing with their comparison. The Paper from [2] Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices [3] tries to build a uniform comparison platform by using the ATMEL ATtiny45. 4 [3] implement 12 block ciphers including AES, DESL, HEIGHT, IDEA, KASUMI, KATAN, KLEIN, mCrypton, NOEKEON, PRESENT, SEA and TEA on that platform and published the source code as open source. This should serve as a better com- parison platform for the future. There is also work done that compares not only block ciphers among each other. [3] covers block ciphers and stream ciphers. For the comparison, they focus on key bits, block bits, cycles per block, throughput at 100 kHz and the area in gate equivalents the algorithm needs for implemen- tation. They split the algorithms they compared into two groups, hardware and software oriented ciphers. [4] focused mainly on stream ciphers in their work Hardware results for selected stream cipher candidates[4]. In the area of SIMON and SPECK there exist two similar papers The SIMON and SPECK Families of Lightweight Block Ciphers [5] and SIMON and SPECK: Block Ciphers for the Internet of Things [6]. The papers explains how the al- gorithm works, it contains many performance comparisons on constrained plat- forms and it describes many security aspects. A few of the comparisons were used in this paper too. One paper which compares KATAN with other lightweight block ciphers is the pa- per Katan and ktantan - a family of small and efficient hardware-oriented block ciphers [7] from the designers of KATAN . It explains what are the difference be- tween KATAN and several existing block ciphers and compares them. The paper Modellbildung in der algebraischen kryptoanalyse [8] handles among other about different attacks on KATAN and compares them with each other. Furthermore 4 http://www.atmel.com/devices/attiny45.aspx does it explain how KATAN is designed and explains a new algebraic attack which is better than any other known algebraic attacks. In the area of TEA and LED there exist many papers which also deal with these algorithms from different points of view. First to call are the papers which generally deal with these encryption methods. They each illustrate one of the al- gorithms and concentrate on certain properties in different detail degrees. For the Tiny Encryption Algorithm (TEA) the following papers are cited as examples: TEA, a Tiny Encryption Algorithm[9], Tiny Encryption Algorithm (TEA)[10] and The Tiny Encryption Algorithm (TEA)[11] Another relevant group are the papers which have a special focus on the light- ness and therefore the suitability of TEA in very small, computationally weak and cheaper Hardware. Here are specially the papers: Design and Implemen- tation of Low Power Hardware Encryption for Low Cost Secure RFID Using TEA[12] and Hardware Implementation of a TEA-Based Lightweight Encryp- tion for RFID Security [13] to call. At last we have the papers which consider XTEA under the security aspects and describe vulnerabilities and possible attacks. These include inter alia the follow- ing: Related-key rectangle attack on 36 rounds of the XTEA block cipher[14] and Meet-in-the-Middle Attacks on Reduced-Round XTEA[15]. 3 Attacks In this section different types of attacks on block ciphers will be shortly de- scribed. These attacks play a more or less important role for the in this paper handled ciphers and will be taken up again in the security section. The attacks are: brute-force, linear cryptanalysis, algebraic cryptanalysis, differential crypt- analysis, related-key attacks, meet-in-the-middle attacks, side-channel attacks and combinations of these methods. Brute-force. A brute-force attack tests systematically all possible keys on the cypher text. It is assumed that the attacker don't have any prior knowledge about the keys that are more probably than other keys. This type of attack is often from minor importance because it is uneconomical to decrypt the cypher text with all possible keys. The complexity of a brute-force attack act as reference for other attacks. Linear cryptanalysis This attack requires a known-plaintext attacker ahead, i.e. the attacker knows the relative cipher text to a certain plaintext. The idea of the attack is to find linear equations for parts or. single operations of the cypher. The equations try to determine plain text bits, cipher text bits and key 1 bits pairs with a better probability than 2 . For these attacks it is an important performance factor how many plaintext ciphertext pairs are needed. Algebraic cryptanalysis This attack has the same objective as the linear cryptanalysis, but instead of only linear equations also polynomial equations of any degree can be used. An often problem in this context is there is no exact complexity and because of that it is necessary to use other metrics like runtime on a specific test environment. Differential cryptanalysis. The differential cryptanalysis is a chosen-plaintext attack, i.e. the attacker can encrypt a chosen plaintext. To accomplish the at- tack pairs (∆X; ∆Y ) are compared, whereby ∆X and ∆Y are in each case the difference (e.g. XOR) of two values, e.g. the difference of two inputs and outputs of the algorithm. Goal of this analysis is to classify certain keys more likely. Related-key attack. At a related-key attack it is assumed that the attacker knows not only the cipher text of the originally keys K but also the decryption with key K0 which are derived from K i.e. K0 = f(K). Meet-in-the-middle attacks (MITM). MITM attacks assume at least one known pair of plain- and cipher text (known- or. Chosen-plaintext). At the first step the attacker tries to filter keys i.e. the key space is limited. At the second step the right key is searched using brute-force or another attack. More details about this attack technique can be found for example in Takanori Isobe and Kyoki Shibutanii[16]. Side-channel attacks. A side-channel attack doesn't attack the algorithm it- self but the physical implementation. The attacker tries for example of the du- ration or the power consumption of certain operations to infer information.
Load more

Recommended publications
  • A Quantitative Study of Advanced Encryption Standard Performance
    United States Military Academy USMA Digital Commons West Point ETD 12-2018 A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility Daniel Hawthorne United States Military Academy, [email protected] Follow this and additional works at: https://digitalcommons.usmalibrary.org/faculty_etd Part of the Information Security Commons Recommended Citation Hawthorne, Daniel, "A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility" (2018). West Point ETD. 9. https://digitalcommons.usmalibrary.org/faculty_etd/9 This Doctoral Dissertation is brought to you for free and open access by USMA Digital Commons. It has been accepted for inclusion in West Point ETD by an authorized administrator of USMA Digital Commons. For more information, please contact [email protected]. A QUANTITATIVE STUDY OF ADVANCED ENCRYPTION STANDARD PERFORMANCE AS IT RELATES TO CRYPTOGRAPHIC ATTACK FEASIBILITY A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Computer Science By Daniel Stephen Hawthorne Colorado Technical University December, 2018 Committee Dr. Richard Livingood, Ph.D., Chair Dr. Kelly Hughes, DCS, Committee Member Dr. James O. Webb, Ph.D., Committee Member December 17, 2018 © Daniel Stephen Hawthorne, 2018 1 Abstract The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible.
    [Show full text]
  • Chapter 2 the Data Encryption Standard (DES)
    Chapter 2 The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmet- ric or secret key cryptography and asymmetric or public key cryptography. Symmet- ric key cryptography is the oldest type whereas asymmetric cryptography is only being used publicly since the late 1970’s1. Asymmetric cryptography was a major milestone in the search for a perfect encryption scheme. Secret key cryptography goes back to at least Egyptian times and is of concern here. It involves the use of only one key which is used for both encryption and decryption (hence the use of the term symmetric). Figure 2.1 depicts this idea. It is necessary for security purposes that the secret key never be revealed. Secret Key (K) Secret Key (K) ? ? - - - - Plaintext (P ) E{P,K} Ciphertext (C) D{C,K} Plaintext (P ) Figure 2.1: Secret key encryption. To accomplish encryption, most secret key algorithms use two main techniques known as substitution and permutation. Substitution is simply a mapping of one value to another whereas permutation is a reordering of the bit positions for each of the inputs. These techniques are used a number of times in iterations called rounds. Generally, the more rounds there are, the more secure the algorithm. A non-linearity is also introduced into the encryption so that decryption will be computationally infeasible2 without the secret key. This is achieved with the use of S-boxes which are basically non-linear substitution tables where either the output is smaller than the input or vice versa. 1It is claimed by some that government agencies knew about asymmetric cryptography before this.
    [Show full text]
  • Partly-Pseudo-Linear Cryptanalysis of Reduced-Round SPECK
    cryptography Article Partly-Pseudo-Linear Cryptanalysis of Reduced-Round SPECK Sarah A. Alzakari * and Poorvi L. Vora Department of Computer Science, The George Washington University, 800 22nd St. NW, Washington, DC 20052, USA; [email protected] * Correspondence: [email protected] Abstract: We apply McKay’s pseudo-linear approximation of addition modular 2n to lightweight ARX block ciphers with large words, specifically the SPECK family. We demonstrate that a pseudo- linear approximation can be combined with a linear approximation using the meet-in-the-middle attack technique to recover several key bits. Thus we illustrate improvements to SPECK linear distinguishers based solely on Cho–Pieprzyk approximations by combining them with pseudo-linear approximations, and propose key recovery attacks. Keywords: SPECK; pseudo-linear cryptanalysis; linear cryptanalysis; partly-pseudo-linear attack 1. Introduction ARX block ciphers—which rely on Addition-Rotation-XOR operations performed a number of times—provide a common approach to lightweight cipher design. In June 2013, a group of inventors from the US’s National Security Agency (NSA) proposed two families of lightweight block ciphers, SIMON and SPECK—each of which comes in a variety of widths and key sizes. The SPECK cipher, as an ARX cipher, provides efficient software implementations, while SIMON provides efficient hardware implementations. Moreover, both families perform well in both hardware and software and offer the flexibility across Citation: Alzakari, S.; Vora, P. different platforms that will be required by future applications [1,2]. In this paper, we focus Partly-Pseudo-Linear Cryptanalysis on the SPECK family as an example lightweight ARX block cipher to illustrate our attack.
    [Show full text]
  • TS 135 202 V7.0.0 (2007-06) Technical Specification
    ETSI TS 135 202 V7.0.0 (2007-06) Technical Specification Universal Mobile Telecommunications System (UMTS); Specification of the 3GPP confidentiality and integrity algorithms; Document 2: Kasumi specification (3GPP TS 35.202 version 7.0.0 Release 7) 3GPP TS 35.202 version 7.0.0 Release 7 1 ETSI TS 135 202 V7.0.0 (2007-06) Reference RTS/TSGS-0335202v700 Keywords SECURITY, UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission.
    [Show full text]
  • Meet-In-The-Middle Attacks on Reduced-Round XTEA*
    Meet-in-the-Middle Attacks on Reduced-Round XTEA⋆ Gautham Sekar⋆⋆, Nicky Mouha⋆ ⋆ ⋆, Vesselin Velichkov†, and Bart Preneel 1 Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B-3001 Heverlee, Belgium. 2 Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium. {Gautham.Sekar,Nicky.Mouha,Vesselin.Velichkov, Bart.Preneel}@esat.kuleuven.be Abstract. The block cipher XTEA, designed by Needham and Wheeler, was published as a technical report in 1997. The cipher was a result of fixing some weaknesses in the cipher TEA (also designed by Wheeler and Needham), which was used in Microsoft’s Xbox gaming console. XTEA is a 64-round Feistel cipher with a block size of 64 bits and a key size of 128 bits. In this paper, we present meet-in-the-middle attacks on twelve vari- ants of the XTEA block cipher, where each variant consists of 23 rounds. Two of these require only 18 known plaintexts and a computational ef- fort equivalent to testing about 2117 keys, with a success probability of 1−2 −1025. Under the standard (single-key) setting, there is no attack re- ported on 23 or more rounds of XTEA, that requires less time and fewer data than the above. This paper also discusses a variant of the classical meet-in-the-middle approach. All attacks in this paper are applicable to XETA as well, a block cipher that has not undergone public analysis yet. TEA, XTEA and XETA are implemented in the Linux kernel. Keywords: Cryptanalysis, block cipher, meet-in-the-middle attack, Feis- tel network, XTEA, XETA.
    [Show full text]
  • The Summation-Truncation Hybrid: Reusing Discarded Bits for Free
    The Summation-Truncation Hybrid: Reusing Discarded Bits for Free Aldo Gunsing and Bart Mennink Digital Security Group, Radboud University, Nijmegen, The Netherlands [email protected], [email protected] Abstract. A well-established PRP-to-PRF conversion design is trun- cation: one evaluates an n-bit pseudorandom permutation on a certain input, and truncates the result to a bits. The construction is known to achieve tight 2n−a=2 security. Truncation has gained popularity due to its appearance in the GCM-SIV key derivation function (ACM CCS 2015). This key derivation function makes four evaluations of AES, truncates the outputs to n=2 bits, and concatenates these to get a 2n-bit subkey. In this work, we demonstrate that truncation is wasteful. In more detail, we present the Summation-Truncation Hybrid (STH). At a high level, the construction consists of two parallel evaluations of truncation, where the truncated (n − a)-bit chunks are not discarded but rather summed together and appended to the output. We prove that STH achieves a similar security level as truncation, and thus that the n − a bits of extra output is rendered for free. In the application of GCM-SIV, the current key derivation can be used to output 3n bits of random material, or it can be reduced to three primitive evaluations. Both changes come with no security loss. Keywords: PRP-to-PRF, Truncation, Sum of permutations, Efficiency, GCM-SIV 1 Introduction The vast majority of symmetric cryptographic schemes is built upon a pseu- dorandom permutation, such as AES [21]. Such a function gets as input a key and bijectively transforms its input to an output such that the function is hard to distinguish from random if an attacker has no knowledge about the key.
    [Show full text]
  • Linear Cryptanalysis of Reduced-Round SIMON Using Super Rounds
    cryptography Article Linear Cryptanalysis of Reduced-Round SIMON Using Super Rounds Reham Almukhlifi * and Poorvi L. Vora Department of Computer Science, The George Washington University, Washington, DC 20052, USA; [email protected] * Correspondence: [email protected] Received: 5 March 2020; Accepted: 15 March 2020; Published: 18 March 2020 Abstract: We present attacks on 21-rounds of SIMON 32/64, 21-rounds of SIMON 48/96, 25-rounds of SIMON 64/128, 35-rounds of SIMON 96/144 and 43-rounds of SIMON 128/256, often with direct recovery of the full master key without repeating the attack over multiple rounds. These attacks result from the observation that, after four rounds of encryption, one bit of the left half of the state of 32/64 SIMON depends on only 17 key bits (19 key bits for the other variants of SIMON). Further, linear cryptanalysis requires the guessing of only 16 bits, the size of a single round key of SIMON 32/64. We partition the key into smaller strings by focusing on one bit of state at a time, decreasing the cost of the exhaustive search of linear cryptanalysis to 16 bits at a time for SIMON 32/64. We also present other example linear cryptanalysis, experimentally verified on 8, 10 and 12 rounds for SIMON 32/64. Keywords: SIMON; linear cryptanalysis; super round 1. Introduction Lightweight cryptography is a rapidly growing area of research, emerging to fill the need for securing highly-constrained devices such as RFID tags and sensor networks. The limited hardware and software resources require that the cryptographic primitives be highly efficient.
    [Show full text]
  • Species Composition of the Largest Shark Fin Retail-Market in Mainland
    www.nature.com/scientificreports OPEN Species composition of the largest shark fn retail‑market in mainland China Diego Cardeñosa1,2*, Andrew T. Fields1, Elizabeth A. Babcock3, Stanley K. H. Shea4, Kevin A. Feldheim5 & Demian D. Chapman6 Species‑specifc monitoring through large shark fn market surveys has been a valuable data source to estimate global catches and international shark fn trade dynamics. Hong Kong and Guangzhou, mainland China, are the largest shark fn markets and consumption centers in the world. We used molecular identifcation protocols on randomly collected processed fn trimmings (n = 2000) and non‑ parametric species estimators to investigate the species composition of the Guangzhou retail market and compare the species diversity between the Guangzhou and Hong Kong shark fn retail markets. Species diversity was similar between both trade hubs with a small subset of species dominating the composition. The blue shark (Prionace glauca) was the most common species overall followed by the CITES‑listed silky shark (Carcharhinus falciformis), scalloped hammerhead shark (Sphyrna lewini), smooth hammerhead shark (S. zygaena) and shortfn mako shark (Isurus oxyrinchus). Our results support previous indications of high connectivity between the shark fn markets of Hong Kong and mainland China and suggest that systematic studies of other fn trade hubs within Mainland China and stronger law‑enforcement protocols and capacity building are needed. Many shark populations have declined in the last four decades, mainly due to overexploitation to supply the demand for their fns in Asia and meat in many other countries 1–4. Mainland China was historically the world’s second largest importer of shark fns and foremost consumer of shark fn soup, yet very little is known about the species composition of shark fns in this trade hub2.
    [Show full text]
  • Design and Low Power VLSI Implementation of Triple -DES Algorithm
    Design and Low Power VLSI Implementation of Triple -DES Algorithm Alexandra Camacho, Isaac Sanchez, Eugene B. John and Ram Krishnan Department of Electrical and Computer Engineering The University of Texas at San Antonio One UTSA Circle, San Antonio, TX 78249-0669 ([email protected] ; [email protected]; [email protected]; [email protected]) Abstract — Triple DES (Data Encryption Standard) is a widely we seek to improve encryption by building on the DES chip used encryption algorithm known to achieve good performance and developing a Triple-DES algorithm that is more secure and high security. In this paper, we describe the design and low and commonly used by financial institutions for secure power VLSI implementation of the well-known triple DES transactions. algorithm. The implementation includes two main parts: key generation and the encryption/decryption process. In the DES II. BACKGROUND module, the key generation part takes the given key and produces 16 distinct keys to be used during the encryption stage. The DES A. Data Encryption Standard process is then repeated three times for added security. The chip The Data Encryption Standard (DES) is a block cipher that was implemented using TSMC 180nm process. The designed chip 2 uses shared secret encryption. DES is the archetypal block has an area of 766,359 µm and the power dissipation is 32.38mW cipher which is an algorithm that takes a fixed-length string of for a Vdd of 1.8V. plaintext bits and transforms it through a series of complicated Keywords-Encryption, DES, 3DES, Low Power, Cryptosystem. operations into another ciphertext bitstring of the same length.
    [Show full text]
  • Data Encryption Standard (DES)
    6 Data Encryption Standard (DES) Objectives In this chapter, we discuss the Data Encryption Standard (DES), the modern symmetric-key block cipher. The following are our main objectives for this chapter: + To review a short history of DES + To defi ne the basic structure of DES + To describe the details of building elements of DES + To describe the round keys generation process + To analyze DES he emphasis is on how DES uses a Feistel cipher to achieve confusion and diffusion of bits from the Tplaintext to the ciphertext. 6.1 INTRODUCTION The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST). 6.1.1 History In 1973, NIST published a request for proposals for a national symmetric-key cryptosystem. A proposal from IBM, a modifi cation of a project called Lucifer, was accepted as DES. DES was published in the Federal Register in March 1975 as a draft of the Federal Information Processing Standard (FIPS). After the publication, the draft was criticized severely for two reasons. First, critics questioned the small key length (only 56 bits), which could make the cipher vulnerable to brute-force attack. Second, critics were concerned about some hidden design behind the internal structure of DES. They were suspicious that some part of the structure (the S-boxes) may have some hidden trapdoor that would allow the National Security Agency (NSA) to decrypt the messages without the need for the key. Later IBM designers mentioned that the internal structure was designed to prevent differential cryptanalysis.
    [Show full text]
  • Giza and the Pyramids, Veteran Hosni Mubarak
    An aeroplane flies over the pyramids and Sphinx on the Giza Plateau near Cairo. ARCHAEOLOGY The wonder of the pyramids Andrew Robinson enjoys a volume rounding up research on the complex at Giza, Egypt. n Giza and the Pyramids, veteran Hosni Mubarak. After AERAGRAM 16(2), 8–14; 2015), the tomb’s Egyptologists Mark Lehner and Zahi Mubarak fell from four sides, each a little more than 230 metres Hawass cite an Arab proverb: “Man power during the long, vary by at most just 18.3 centimetres. Ifears time, but time fears the pyramids.” It’s Arab Spring that year, Lehner and Hawass reject the idea that a reminder that the great Egyptian complex Hawass resigned, amid armies of Egyptian slaves constructed the on the Giza Plateau has endured for some controversy. pyramids, as the classical Greek historian four and a half millennia — the last monu- The Giza complex Herodotus suggested. They do, however, ment standing of that classical-era must-see invites speculation embrace the concept that the innovative list, the Seven Wonders of the World. and debate. Its three administrative and social organization Lehner and Hawass have produced an pyramids are the Giza and the demanded by the enormous task of build- astonishingly comprehensive study of the tombs of pharaohs Pyramids ing the complex were key factors in creating excavations and scientific investigations Khufu, Khafre and MARK LEHNER & ZAHI Egyptian civilization. CREATIVE GEOGRAPHIC L. STANFIELD/NATL JAMES that have, over two centuries, uncovered Menkaure, also known HAWASS The authors are also in accord over a the engineering techniques, religious and as Cheops, Chephren Thames & Hudson: theory regarding the purpose of the Giza cultural significance and other aspects of and Mycerinus, 2017.
    [Show full text]
  • FPGA Modeling and Optimization of a SIMON Lightweight Block Cipher
    sensors Article FPGA Modeling and Optimization of a SIMON Lightweight Block Cipher Sa’ed Abed 1,* , Reem Jaffal 1, Bassam Jamil Mohd 2 and Mohammad Alshayeji 1 1 Department of Computer Engineering, Kuwait University, Safat 13060, Kuwait; [email protected] (R.J.); [email protected] (M.A.) 2 Department of Computer Engineering, Hashemite University, Zarqa 13115, Jordan; [email protected] * Correspondence: [email protected]; Tel.: +965-249-837-90 Received: 18 December 2018; Accepted: 18 February 2019; Published: 21 February 2019 Abstract: Security of sensitive data exchanged between devices is essential. Low-resource devices (LRDs), designed for constrained environments, are increasingly becoming ubiquitous. Lightweight block ciphers provide confidentiality for LRDs by balancing the required security with minimal resource overhead. SIMON is a lightweight block cipher targeted for hardware implementations. The objective of this research is to implement, optimize, and model SIMON cipher design for LRDs, with an emphasis on energy and power, which are critical metrics for LRDs. Various implementations use field-programmable gate array (FPGA) technology. Two types of design implementations are examined: scalar and pipelined. Results show that scalar implementations require 39% less resources and 45% less power consumption. The pipelined implementations demonstrate 12 times the throughput and consume 31% less energy. Moreover, the most energy-efficient and optimum design is a two-round pipelined implementation, which consumes 31% of the best scalar’s implementation energy. The scalar design that consumes the least energy is a four-round implementation. The scalar design that uses the least area and power is the one-round implementation.
    [Show full text]